Security Experts:

Connect with us

Hi, what are you looking for?



Attorneys General File First Multistate HIPAA-Related Data Breach Lawsuit

Attorneys General from 12 U.S. states this week filed a lawsuit against a healthcare tech solutions provider over a data breach suffered by the company in 2015.

Attorneys General from 12 U.S. states this week filed a lawsuit against a healthcare tech solutions provider over a data breach suffered by the company in 2015.

The target of the lawsuit is Medical Informatics Engineering (MIE), previously known as Enterprise Health, and its subsidiary NoMoreClipboard. Their products allow healthcare providers to transmit and share information.

MIE informed customers in the summer of 2015 that servers used by its WebChart electronic health record (EHR) solution had been breached and the details of 3.9 million individuals had been accessed. The compromised information included names, phone numbers, addresses, usernames, hashed passwords, email addresses, security questions and answers, dates of birth, social security numbers, health insurance details, and medical information.

Attorneys General from 12 states have decided to file a lawsuit against MIE in what has been described as the first multistate data breach lawsuit related to the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA, among other things, establishes policies and procedures for maintaining the privacy and the security of protected health information. AGs allege MIE violated provisions of HIPAA, along with unfair and deceptive practice laws, notice of data breach statutes, and state-level laws focusing on the protection of personal information.

The complaint was filed in Indiana, where MIE is headquartered, by AGs representing Indiana, Arizona, Arkansas, Florida, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina, and Wisconsin.

Authorities claim MIE failed to implement basic data security measures, it did not have security mechanisms in place for preventing the exploitation of vulnerabilities in its systems, it failed to encrypt sensitive personal and medical information, and had an inadequate and ineffective response to the breach.

“Last year, more than 5.3 million North Carolinians were estimated to have been affected by a data breach,” said Josh Stein, Attorney General for North Carolina. “I expect this year’s number will also be troubling. We must do better at protecting people’s personal information – particularly health and other sensitive information.”

MIE did not immediately respond to SecurityWeek’s request for comment on the lawsuit.

Related: Massive Singapore Healthcare Breach Possibly Involved Contractor

Related: Hackers Breach System, Get Data on 75,000

Related: Data Breach Hits 2.6 Million Atrium Health Patients

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...